1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242#include <config.h>
243#include <hexdump.h>
244#include <log.h>
245#include <malloc.h>
246#include <common.h>
247#include <console.h>
248#include <g_dnl.h>
249#include <dm/devres.h>
250#include <linux/bug.h>
251
252#include <linux/err.h>
253#include <linux/usb/ch9.h>
254#include <linux/usb/gadget.h>
255#include <usb_mass_storage.h>
256
257#include <asm/unaligned.h>
258#include <linux/bitops.h>
259#include <linux/usb/gadget.h>
260#include <linux/usb/gadget.h>
261#include <linux/usb/composite.h>
262#include <linux/bitmap.h>
263#include <g_dnl.h>
264
265
266
267#define FSG_DRIVER_DESC "Mass Storage Function"
268#define FSG_DRIVER_VERSION "2012/06/5"
269
270static const char fsg_string_interface[] = "Mass Storage";
271
272#define FSG_NO_INTR_EP 1
273#define FSG_NO_DEVICE_STRINGS 1
274#define FSG_NO_OTG 1
275#define FSG_NO_INTR_EP 1
276
277#include "storage_common.c"
278
279
280
281#define GFP_ATOMIC ((gfp_t) 0)
282#define PAGE_CACHE_SHIFT 12
283#define PAGE_CACHE_SIZE (1 << PAGE_CACHE_SHIFT)
284#define kthread_create(...) __builtin_return_address(0)
285#define wait_for_completion(...) do {} while (0)
286
287struct kref {int x; };
288struct completion {int x; };
289
290struct fsg_dev;
291struct fsg_common;
292
293
294struct fsg_common {
295 struct usb_gadget *gadget;
296 struct fsg_dev *fsg, *new_fsg;
297
298 struct usb_ep *ep0;
299 struct usb_request *ep0req;
300 unsigned int ep0_req_tag;
301
302 struct fsg_buffhd *next_buffhd_to_fill;
303 struct fsg_buffhd *next_buffhd_to_drain;
304 struct fsg_buffhd buffhds[FSG_NUM_BUFFERS];
305
306 int cmnd_size;
307 u8 cmnd[MAX_COMMAND_SIZE];
308
309 unsigned int nluns;
310 unsigned int lun;
311 struct fsg_lun luns[FSG_MAX_LUNS];
312
313 unsigned int bulk_out_maxpacket;
314 enum fsg_state state;
315 unsigned int exception_req_tag;
316
317 enum data_direction data_dir;
318 u32 data_size;
319 u32 data_size_from_cmnd;
320 u32 tag;
321 u32 residue;
322 u32 usb_amount_left;
323
324 unsigned int can_stall:1;
325 unsigned int free_storage_on_release:1;
326 unsigned int phase_error:1;
327 unsigned int short_packet_received:1;
328 unsigned int bad_lun_okay:1;
329 unsigned int running:1;
330
331 int thread_wakeup_needed;
332 struct completion thread_notifier;
333 struct task_struct *thread_task;
334
335
336 const struct fsg_operations *ops;
337
338 void *private_data;
339
340 const char *vendor_name;
341 const char *product_name;
342 u16 release;
343
344
345
346 char inquiry_string[8 + 16 + 4 + 1];
347
348 struct kref ref;
349};
350
351struct fsg_config {
352 unsigned nluns;
353 struct fsg_lun_config {
354 const char *filename;
355 char ro;
356 char removable;
357 char cdrom;
358 char nofua;
359 } luns[FSG_MAX_LUNS];
360
361
362 const struct fsg_operations *ops;
363
364 void *private_data;
365
366 const char *vendor_name;
367 const char *product_name;
368
369 char can_stall;
370};
371
372struct fsg_dev {
373 struct usb_function function;
374 struct usb_gadget *gadget;
375 struct fsg_common *common;
376
377 u16 interface_number;
378
379 unsigned int bulk_in_enabled:1;
380 unsigned int bulk_out_enabled:1;
381
382 unsigned long atomic_bitflags;
383#define IGNORE_BULK_OUT 0
384
385 struct usb_ep *bulk_in;
386 struct usb_ep *bulk_out;
387};
388
389
390static inline int __fsg_is_set(struct fsg_common *common,
391 const char *func, unsigned line)
392{
393 if (common->fsg)
394 return 1;
395 ERROR(common, "common->fsg is NULL in %s at %u\n", func, line);
396#ifdef __UBOOT__
397 assert_noisy(false);
398#else
399 WARN_ON(1);
400#endif
401 return 0;
402}
403
404#define fsg_is_set(common) likely(__fsg_is_set(common, __func__, __LINE__))
405
406
407static inline struct fsg_dev *fsg_from_func(struct usb_function *f)
408{
409 return container_of(f, struct fsg_dev, function);
410}
411
412
413typedef void (*fsg_routine_t)(struct fsg_dev *);
414
415static int exception_in_progress(struct fsg_common *common)
416{
417 return common->state > FSG_STATE_IDLE;
418}
419
420
421static void set_bulk_out_req_length(struct fsg_common *common,
422 struct fsg_buffhd *bh, unsigned int length)
423{
424 unsigned int rem;
425
426 bh->bulk_out_intended_length = length;
427 rem = length % common->bulk_out_maxpacket;
428 if (rem > 0)
429 length += common->bulk_out_maxpacket - rem;
430 bh->outreq->length = length;
431}
432
433
434
435static struct ums *ums;
436static int ums_count;
437static struct fsg_common *the_fsg_common;
438static unsigned int controller_index;
439
440static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep)
441{
442 const char *name;
443
444 if (ep == fsg->bulk_in)
445 name = "bulk-in";
446 else if (ep == fsg->bulk_out)
447 name = "bulk-out";
448 else
449 name = ep->name;
450 DBG(fsg, "%s set halt\n", name);
451 return usb_ep_set_halt(ep);
452}
453
454
455
456
457
458
459static void wakeup_thread(struct fsg_common *common)
460{
461 common->thread_wakeup_needed = 1;
462}
463
464static void raise_exception(struct fsg_common *common, enum fsg_state new_state)
465{
466
467
468
469 if (common->state <= new_state) {
470 common->exception_req_tag = common->ep0_req_tag;
471 common->state = new_state;
472 common->thread_wakeup_needed = 1;
473 }
474}
475
476
477
478static int ep0_queue(struct fsg_common *common)
479{
480 int rc;
481
482 rc = usb_ep_queue(common->ep0, common->ep0req, GFP_ATOMIC);
483 common->ep0->driver_data = common;
484 if (rc != 0 && rc != -ESHUTDOWN) {
485
486 WARNING(common, "error in submission: %s --> %d\n",
487 common->ep0->name, rc);
488 }
489 return rc;
490}
491
492
493
494
495
496
497static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req)
498{
499 struct fsg_common *common = ep->driver_data;
500 struct fsg_buffhd *bh = req->context;
501
502 if (req->status || req->actual != req->length)
503 DBG(common, "%s --> %d, %u/%u\n", __func__,
504 req->status, req->actual, req->length);
505 if (req->status == -ECONNRESET)
506 usb_ep_fifo_flush(ep);
507
508
509 bh->inreq_busy = 0;
510 bh->state = BUF_STATE_EMPTY;
511 wakeup_thread(common);
512}
513
514static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req)
515{
516 struct fsg_common *common = ep->driver_data;
517 struct fsg_buffhd *bh = req->context;
518
519 dump_msg(common, "bulk-out", req->buf, req->actual);
520 if (req->status || req->actual != bh->bulk_out_intended_length)
521 DBG(common, "%s --> %d, %u/%u\n", __func__,
522 req->status, req->actual,
523 bh->bulk_out_intended_length);
524 if (req->status == -ECONNRESET)
525 usb_ep_fifo_flush(ep);
526
527
528 bh->outreq_busy = 0;
529 bh->state = BUF_STATE_FULL;
530 wakeup_thread(common);
531}
532
533
534
535
536
537static int fsg_setup(struct usb_function *f,
538 const struct usb_ctrlrequest *ctrl)
539{
540 struct fsg_dev *fsg = fsg_from_func(f);
541 struct usb_request *req = fsg->common->ep0req;
542 u16 w_index = get_unaligned_le16(&ctrl->wIndex);
543 u16 w_value = get_unaligned_le16(&ctrl->wValue);
544 u16 w_length = get_unaligned_le16(&ctrl->wLength);
545
546 if (!fsg_is_set(fsg->common))
547 return -EOPNOTSUPP;
548
549 switch (ctrl->bRequest) {
550
551 case USB_BULK_RESET_REQUEST:
552 if (ctrl->bRequestType !=
553 (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
554 break;
555 if (w_index != fsg->interface_number || w_value != 0)
556 return -EDOM;
557
558
559
560 DBG(fsg, "bulk reset request\n");
561 raise_exception(fsg->common, FSG_STATE_RESET);
562 return DELAYED_STATUS;
563
564 case USB_BULK_GET_MAX_LUN_REQUEST:
565 if (ctrl->bRequestType !=
566 (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
567 break;
568 if (w_index != fsg->interface_number || w_value != 0)
569 return -EDOM;
570 VDBG(fsg, "get max LUN\n");
571 *(u8 *) req->buf = fsg->common->nluns - 1;
572
573
574 req->length = min((u16)1, w_length);
575 return ep0_queue(fsg->common);
576 }
577
578 VDBG(fsg,
579 "unknown class-specific control req "
580 "%02x.%02x v%04x i%04x l%u\n",
581 ctrl->bRequestType, ctrl->bRequest,
582 get_unaligned_le16(&ctrl->wValue), w_index, w_length);
583 return -EOPNOTSUPP;
584}
585
586
587
588
589
590
591static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep,
592 struct usb_request *req, int *pbusy,
593 enum fsg_buffer_state *state)
594{
595 int rc;
596
597 if (ep == fsg->bulk_in)
598 dump_msg(fsg, "bulk-in", req->buf, req->length);
599
600 *pbusy = 1;
601 *state = BUF_STATE_BUSY;
602 rc = usb_ep_queue(ep, req, GFP_KERNEL);
603 if (rc != 0) {
604 *pbusy = 0;
605 *state = BUF_STATE_EMPTY;
606
607
608
609
610
611 if (rc != -ESHUTDOWN && !(rc == -EOPNOTSUPP &&
612 req->length == 0))
613 WARNING(fsg, "error in submission: %s --> %d\n",
614 ep->name, rc);
615 }
616}
617
618#define START_TRANSFER_OR(common, ep_name, req, pbusy, state) \
619 if (fsg_is_set(common)) \
620 start_transfer((common)->fsg, (common)->fsg->ep_name, \
621 req, pbusy, state); \
622 else
623
624#define START_TRANSFER(common, ep_name, req, pbusy, state) \
625 START_TRANSFER_OR(common, ep_name, req, pbusy, state) (void)0
626
627static void busy_indicator(void)
628{
629 static int state;
630
631 switch (state) {
632 case 0:
633 puts("\r|"); break;
634 case 1:
635 puts("\r/"); break;
636 case 2:
637 puts("\r-"); break;
638 case 3:
639 puts("\r\\"); break;
640 case 4:
641 puts("\r|"); break;
642 case 5:
643 puts("\r/"); break;
644 case 6:
645 puts("\r-"); break;
646 case 7:
647 puts("\r\\"); break;
648 default:
649 state = 0;
650 }
651 if (state++ == 8)
652 state = 0;
653}
654
655static int sleep_thread(struct fsg_common *common)
656{
657 int rc = 0;
658 int i = 0, k = 0;
659
660
661 for (;;) {
662 if (common->thread_wakeup_needed)
663 break;
664
665 if (++i == 20000) {
666 busy_indicator();
667 i = 0;
668 k++;
669 }
670
671 if (k == 10) {
672
673 if (ctrlc())
674 return -EPIPE;
675
676
677 if (!g_dnl_board_usb_cable_connected())
678 return -EIO;
679
680 k = 0;
681 }
682
683 usb_gadget_handle_interrupts(controller_index);
684 }
685 common->thread_wakeup_needed = 0;
686 return rc;
687}
688
689
690
691static int do_read(struct fsg_common *common)
692{
693 struct fsg_lun *curlun = &common->luns[common->lun];
694 u32 lba;
695 struct fsg_buffhd *bh;
696 int rc;
697 u32 amount_left;
698 loff_t file_offset;
699 unsigned int amount;
700 unsigned int partial_page;
701 ssize_t nread;
702
703
704
705 if (common->cmnd[0] == SC_READ_6)
706 lba = get_unaligned_be24(&common->cmnd[1]);
707 else {
708 lba = get_unaligned_be32(&common->cmnd[2]);
709
710
711
712
713 if ((common->cmnd[1] & ~0x18) != 0) {
714 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
715 return -EINVAL;
716 }
717 }
718 if (lba >= curlun->num_sectors) {
719 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
720 return -EINVAL;
721 }
722 file_offset = ((loff_t) lba) << 9;
723
724
725 amount_left = common->data_size_from_cmnd;
726 if (unlikely(amount_left == 0))
727 return -EIO;
728
729 for (;;) {
730
731
732
733
734
735
736
737
738
739 amount = min(amount_left, FSG_BUFLEN);
740 partial_page = file_offset & (PAGE_CACHE_SIZE - 1);
741 if (partial_page > 0)
742 amount = min(amount, (unsigned int) PAGE_CACHE_SIZE -
743 partial_page);
744
745
746 bh = common->next_buffhd_to_fill;
747 while (bh->state != BUF_STATE_EMPTY) {
748 rc = sleep_thread(common);
749 if (rc)
750 return rc;
751 }
752
753
754
755 if (amount == 0) {
756 curlun->sense_data =
757 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
758 curlun->info_valid = 1;
759 bh->inreq->length = 0;
760 bh->state = BUF_STATE_FULL;
761 break;
762 }
763
764
765 rc = ums[common->lun].read_sector(&ums[common->lun],
766 file_offset / SECTOR_SIZE,
767 amount / SECTOR_SIZE,
768 (char __user *)bh->buf);
769 if (!rc)
770 return -EIO;
771
772 nread = rc * SECTOR_SIZE;
773
774 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
775 (unsigned long long) file_offset,
776 (int) nread);
777
778 if (nread < 0) {
779 LDBG(curlun, "error in file read: %d\n",
780 (int) nread);
781 nread = 0;
782 } else if (nread < amount) {
783 LDBG(curlun, "partial file read: %d/%u\n",
784 (int) nread, amount);
785 nread -= (nread & 511);
786 }
787 file_offset += nread;
788 amount_left -= nread;
789 common->residue -= nread;
790 bh->inreq->length = nread;
791 bh->state = BUF_STATE_FULL;
792
793
794 if (nread < amount) {
795 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
796 curlun->info_valid = 1;
797 break;
798 }
799
800 if (amount_left == 0)
801 break;
802
803
804 bh->inreq->zero = 0;
805 START_TRANSFER_OR(common, bulk_in, bh->inreq,
806 &bh->inreq_busy, &bh->state)
807
808
809 return -EIO;
810 common->next_buffhd_to_fill = bh->next;
811 }
812
813 return -EIO;
814}
815
816
817
818static int do_write(struct fsg_common *common)
819{
820 struct fsg_lun *curlun = &common->luns[common->lun];
821 u32 lba;
822 struct fsg_buffhd *bh;
823 int get_some_more;
824 u32 amount_left_to_req, amount_left_to_write;
825 loff_t usb_offset, file_offset;
826 unsigned int amount;
827 unsigned int partial_page;
828 ssize_t nwritten;
829 int rc;
830
831 if (curlun->ro) {
832 curlun->sense_data = SS_WRITE_PROTECTED;
833 return -EINVAL;
834 }
835
836
837
838 if (common->cmnd[0] == SC_WRITE_6)
839 lba = get_unaligned_be24(&common->cmnd[1]);
840 else {
841 lba = get_unaligned_be32(&common->cmnd[2]);
842
843
844
845
846
847 if (common->cmnd[1] & ~0x18) {
848 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
849 return -EINVAL;
850 }
851 }
852 if (lba >= curlun->num_sectors) {
853 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
854 return -EINVAL;
855 }
856
857
858 get_some_more = 1;
859 file_offset = usb_offset = ((loff_t) lba) << 9;
860 amount_left_to_req = common->data_size_from_cmnd;
861 amount_left_to_write = common->data_size_from_cmnd;
862
863 while (amount_left_to_write > 0) {
864
865
866 bh = common->next_buffhd_to_fill;
867 if (bh->state == BUF_STATE_EMPTY && get_some_more) {
868
869
870
871
872
873
874
875
876
877
878 amount = min(amount_left_to_req, FSG_BUFLEN);
879 partial_page = usb_offset & (PAGE_CACHE_SIZE - 1);
880 if (partial_page > 0)
881 amount = min(amount,
882 (unsigned int) PAGE_CACHE_SIZE - partial_page);
883
884 if (amount == 0) {
885 get_some_more = 0;
886 curlun->sense_data =
887 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
888 curlun->info_valid = 1;
889 continue;
890 }
891 amount -= (amount & 511);
892 if (amount == 0) {
893
894
895
896 get_some_more = 0;
897 continue;
898 }
899
900
901 usb_offset += amount;
902 common->usb_amount_left -= amount;
903 amount_left_to_req -= amount;
904 if (amount_left_to_req == 0)
905 get_some_more = 0;
906
907
908
909 bh->outreq->length = amount;
910 bh->bulk_out_intended_length = amount;
911 bh->outreq->short_not_ok = 1;
912 START_TRANSFER_OR(common, bulk_out, bh->outreq,
913 &bh->outreq_busy, &bh->state)
914
915
916 return -EIO;
917 common->next_buffhd_to_fill = bh->next;
918 continue;
919 }
920
921
922 bh = common->next_buffhd_to_drain;
923 if (bh->state == BUF_STATE_EMPTY && !get_some_more)
924 break;
925 if (bh->state == BUF_STATE_FULL) {
926 common->next_buffhd_to_drain = bh->next;
927 bh->state = BUF_STATE_EMPTY;
928
929
930 if (bh->outreq->status != 0) {
931 curlun->sense_data = SS_COMMUNICATION_FAILURE;
932 curlun->info_valid = 1;
933 break;
934 }
935
936 amount = bh->outreq->actual;
937
938
939 rc = ums[common->lun].write_sector(&ums[common->lun],
940 file_offset / SECTOR_SIZE,
941 amount / SECTOR_SIZE,
942 (char __user *)bh->buf);
943 if (!rc)
944 return -EIO;
945 nwritten = rc * SECTOR_SIZE;
946
947 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount,
948 (unsigned long long) file_offset,
949 (int) nwritten);
950
951 if (nwritten < 0) {
952 LDBG(curlun, "error in file write: %d\n",
953 (int) nwritten);
954 nwritten = 0;
955 } else if (nwritten < amount) {
956 LDBG(curlun, "partial file write: %d/%u\n",
957 (int) nwritten, amount);
958 nwritten -= (nwritten & 511);
959
960 }
961 file_offset += nwritten;
962 amount_left_to_write -= nwritten;
963 common->residue -= nwritten;
964
965
966 if (nwritten < amount) {
967 printf("nwritten:%zd amount:%u\n", nwritten,
968 amount);
969 curlun->sense_data = SS_WRITE_ERROR;
970 curlun->info_valid = 1;
971 break;
972 }
973
974
975 if (bh->outreq->actual != bh->outreq->length) {
976 common->short_packet_received = 1;
977 break;
978 }
979 continue;
980 }
981
982
983 rc = sleep_thread(common);
984 if (rc)
985 return rc;
986 }
987
988 return -EIO;
989}
990
991
992
993static int do_synchronize_cache(struct fsg_common *common)
994{
995 return 0;
996}
997
998
999
1000static int do_verify(struct fsg_common *common)
1001{
1002 struct fsg_lun *curlun = &common->luns[common->lun];
1003 u32 lba;
1004 u32 verification_length;
1005 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
1006 loff_t file_offset;
1007 u32 amount_left;
1008 unsigned int amount;
1009 ssize_t nread;
1010 int rc;
1011
1012
1013
1014 lba = get_unaligned_be32(&common->cmnd[2]);
1015 if (lba >= curlun->num_sectors) {
1016 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1017 return -EINVAL;
1018 }
1019
1020
1021
1022 if (common->cmnd[1] & ~0x10) {
1023 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1024 return -EINVAL;
1025 }
1026
1027 verification_length = get_unaligned_be16(&common->cmnd[7]);
1028 if (unlikely(verification_length == 0))
1029 return -EIO;
1030
1031
1032 amount_left = verification_length << 9;
1033 file_offset = ((loff_t) lba) << 9;
1034
1035
1036
1037
1038 while (amount_left > 0) {
1039
1040
1041
1042
1043
1044
1045
1046 amount = min(amount_left, FSG_BUFLEN);
1047 if (amount == 0) {
1048 curlun->sense_data =
1049 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1050 curlun->info_valid = 1;
1051 break;
1052 }
1053
1054
1055 rc = ums[common->lun].read_sector(&ums[common->lun],
1056 file_offset / SECTOR_SIZE,
1057 amount / SECTOR_SIZE,
1058 (char __user *)bh->buf);
1059 if (!rc)
1060 return -EIO;
1061 nread = rc * SECTOR_SIZE;
1062
1063 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1064 (unsigned long long) file_offset,
1065 (int) nread);
1066 if (nread < 0) {
1067 LDBG(curlun, "error in file verify: %d\n",
1068 (int) nread);
1069 nread = 0;
1070 } else if (nread < amount) {
1071 LDBG(curlun, "partial file verify: %d/%u\n",
1072 (int) nread, amount);
1073 nread -= (nread & 511);
1074 }
1075 if (nread == 0) {
1076 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1077 curlun->info_valid = 1;
1078 break;
1079 }
1080 file_offset += nread;
1081 amount_left -= nread;
1082 }
1083 return 0;
1084}
1085
1086
1087
1088static int do_inquiry(struct fsg_common *common, struct fsg_buffhd *bh)
1089{
1090 struct fsg_lun *curlun = &common->luns[common->lun];
1091 static const char vendor_id[] = "Linux ";
1092 u8 *buf = (u8 *) bh->buf;
1093
1094 if (!curlun) {
1095 common->bad_lun_okay = 1;
1096 memset(buf, 0, 36);
1097 buf[0] = 0x7f;
1098 buf[4] = 31;
1099 return 36;
1100 }
1101
1102 memset(buf, 0, 8);
1103 buf[0] = TYPE_DISK;
1104 buf[1] = curlun->removable ? 0x80 : 0;
1105 buf[2] = 2;
1106 buf[3] = 2;
1107 buf[4] = 31;
1108
1109 sprintf((char *) (buf + 8), "%-8s%-16s%04x", (char*) vendor_id ,
1110 ums[common->lun].name, (u16) 0xffff);
1111
1112 return 36;
1113}
1114
1115
1116static int do_request_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1117{
1118 struct fsg_lun *curlun = &common->luns[common->lun];
1119 u8 *buf = (u8 *) bh->buf;
1120 u32 sd, sdinfo = 0;
1121 int valid;
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138#if 0
1139 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) {
1140 curlun->sense_data = curlun->unit_attention_data;
1141 curlun->unit_attention_data = SS_NO_SENSE;
1142 }
1143#endif
1144
1145 if (!curlun) {
1146 common->bad_lun_okay = 1;
1147 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1148 valid = 0;
1149 } else {
1150 sd = curlun->sense_data;
1151 valid = curlun->info_valid << 7;
1152 curlun->sense_data = SS_NO_SENSE;
1153 curlun->info_valid = 0;
1154 }
1155
1156 memset(buf, 0, 18);
1157 buf[0] = valid | 0x70;
1158 buf[2] = SK(sd);
1159 put_unaligned_be32(sdinfo, &buf[3]);
1160 buf[7] = 18 - 8;
1161 buf[12] = ASC(sd);
1162 buf[13] = ASCQ(sd);
1163 return 18;
1164}
1165
1166static int do_read_capacity(struct fsg_common *common, struct fsg_buffhd *bh)
1167{
1168 struct fsg_lun *curlun = &common->luns[common->lun];
1169 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1170 int pmi = common->cmnd[8];
1171 u8 *buf = (u8 *) bh->buf;
1172
1173
1174 if (pmi > 1 || (pmi == 0 && lba != 0)) {
1175 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1176 return -EINVAL;
1177 }
1178
1179 put_unaligned_be32(curlun->num_sectors - 1, &buf[0]);
1180
1181 put_unaligned_be32(512, &buf[4]);
1182 return 8;
1183}
1184
1185static int do_read_header(struct fsg_common *common, struct fsg_buffhd *bh)
1186{
1187 struct fsg_lun *curlun = &common->luns[common->lun];
1188 int msf = common->cmnd[1] & 0x02;
1189 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1190 u8 *buf = (u8 *) bh->buf;
1191
1192 if (common->cmnd[1] & ~0x02) {
1193 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1194 return -EINVAL;
1195 }
1196 if (lba >= curlun->num_sectors) {
1197 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1198 return -EINVAL;
1199 }
1200
1201 memset(buf, 0, 8);
1202 buf[0] = 0x01;
1203 store_cdrom_address(&buf[4], msf, lba);
1204 return 8;
1205}
1206
1207
1208static int do_read_toc(struct fsg_common *common, struct fsg_buffhd *bh)
1209{
1210 struct fsg_lun *curlun = &common->luns[common->lun];
1211 int msf = common->cmnd[1] & 0x02;
1212 int start_track = common->cmnd[6];
1213 u8 *buf = (u8 *) bh->buf;
1214
1215 if ((common->cmnd[1] & ~0x02) != 0 ||
1216 start_track > 1) {
1217 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1218 return -EINVAL;
1219 }
1220
1221 memset(buf, 0, 20);
1222 buf[1] = (20-2);
1223 buf[2] = 1;
1224 buf[3] = 1;
1225 buf[5] = 0x16;
1226 buf[6] = 0x01;
1227 store_cdrom_address(&buf[8], msf, 0);
1228
1229 buf[13] = 0x16;
1230 buf[14] = 0xAA;
1231 store_cdrom_address(&buf[16], msf, curlun->num_sectors);
1232
1233 return 20;
1234}
1235
1236static int do_mode_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1237{
1238 struct fsg_lun *curlun = &common->luns[common->lun];
1239 int mscmnd = common->cmnd[0];
1240 u8 *buf = (u8 *) bh->buf;
1241 u8 *buf0 = buf;
1242 int pc, page_code;
1243 int changeable_values, all_pages;
1244 int valid_page = 0;
1245 int len, limit;
1246
1247 if ((common->cmnd[1] & ~0x08) != 0) {
1248 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1249 return -EINVAL;
1250 }
1251 pc = common->cmnd[2] >> 6;
1252 page_code = common->cmnd[2] & 0x3f;
1253 if (pc == 3) {
1254 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1255 return -EINVAL;
1256 }
1257 changeable_values = (pc == 1);
1258 all_pages = (page_code == 0x3f);
1259
1260
1261
1262
1263
1264 memset(buf, 0, 8);
1265 if (mscmnd == SC_MODE_SENSE_6) {
1266 buf[2] = (curlun->ro ? 0x80 : 0x00);
1267 buf += 4;
1268 limit = 255;
1269 } else {
1270 buf[3] = (curlun->ro ? 0x80 : 0x00);
1271 buf += 8;
1272 limit = 65535;
1273 }
1274
1275
1276
1277
1278
1279 if (page_code == 0x08 || all_pages) {
1280 valid_page = 1;
1281 buf[0] = 0x08;
1282 buf[1] = 10;
1283 memset(buf+2, 0, 10);
1284
1285 if (!changeable_values) {
1286 buf[2] = 0x04;
1287
1288
1289 put_unaligned_be16(0xffff, &buf[4]);
1290
1291
1292 put_unaligned_be16(0xffff, &buf[8]);
1293
1294 put_unaligned_be16(0xffff, &buf[10]);
1295
1296 }
1297 buf += 12;
1298 }
1299
1300
1301
1302 len = buf - buf0;
1303 if (!valid_page || len > limit) {
1304 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1305 return -EINVAL;
1306 }
1307
1308
1309 if (mscmnd == SC_MODE_SENSE_6)
1310 buf0[0] = len - 1;
1311 else
1312 put_unaligned_be16(len - 2, buf0);
1313 return len;
1314}
1315
1316
1317static int do_start_stop(struct fsg_common *common)
1318{
1319 struct fsg_lun *curlun = &common->luns[common->lun];
1320
1321 if (!curlun) {
1322 return -EINVAL;
1323 } else if (!curlun->removable) {
1324 curlun->sense_data = SS_INVALID_COMMAND;
1325 return -EINVAL;
1326 }
1327
1328 return 0;
1329}
1330
1331static int do_prevent_allow(struct fsg_common *common)
1332{
1333 struct fsg_lun *curlun = &common->luns[common->lun];
1334 int prevent;
1335
1336 if (!curlun->removable) {
1337 curlun->sense_data = SS_INVALID_COMMAND;
1338 return -EINVAL;
1339 }
1340
1341 prevent = common->cmnd[4] & 0x01;
1342 if ((common->cmnd[4] & ~0x01) != 0) {
1343 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1344 return -EINVAL;
1345 }
1346
1347 if (curlun->prevent_medium_removal && !prevent)
1348 fsg_lun_fsync_sub(curlun);
1349 curlun->prevent_medium_removal = prevent;
1350 return 0;
1351}
1352
1353
1354static int do_read_format_capacities(struct fsg_common *common,
1355 struct fsg_buffhd *bh)
1356{
1357 struct fsg_lun *curlun = &common->luns[common->lun];
1358 u8 *buf = (u8 *) bh->buf;
1359
1360 buf[0] = buf[1] = buf[2] = 0;
1361 buf[3] = 8;
1362 buf += 4;
1363
1364 put_unaligned_be32(curlun->num_sectors, &buf[0]);
1365
1366 put_unaligned_be32(512, &buf[4]);
1367 buf[4] = 0x02;
1368 return 12;
1369}
1370
1371
1372static int do_mode_select(struct fsg_common *common, struct fsg_buffhd *bh)
1373{
1374 struct fsg_lun *curlun = &common->luns[common->lun];
1375
1376
1377 if (curlun)
1378 curlun->sense_data = SS_INVALID_COMMAND;
1379 return -EINVAL;
1380}
1381
1382
1383
1384
1385static int halt_bulk_in_endpoint(struct fsg_dev *fsg)
1386{
1387 int rc;
1388
1389 rc = fsg_set_halt(fsg, fsg->bulk_in);
1390 if (rc == -EAGAIN)
1391 VDBG(fsg, "delayed bulk-in endpoint halt\n");
1392 while (rc != 0) {
1393 if (rc != -EAGAIN) {
1394 WARNING(fsg, "usb_ep_set_halt -> %d\n", rc);
1395 rc = 0;
1396 break;
1397 }
1398
1399 rc = usb_ep_set_halt(fsg->bulk_in);
1400 }
1401 return rc;
1402}
1403
1404static int wedge_bulk_in_endpoint(struct fsg_dev *fsg)
1405{
1406 int rc;
1407
1408 DBG(fsg, "bulk-in set wedge\n");
1409 rc = 0;
1410 if (rc == -EAGAIN)
1411 VDBG(fsg, "delayed bulk-in endpoint wedge\n");
1412 while (rc != 0) {
1413 if (rc != -EAGAIN) {
1414 WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc);
1415 rc = 0;
1416 break;
1417 }
1418 }
1419 return rc;
1420}
1421
1422static int pad_with_zeros(struct fsg_dev *fsg)
1423{
1424 struct fsg_buffhd *bh = fsg->common->next_buffhd_to_fill;
1425 u32 nkeep = bh->inreq->length;
1426 u32 nsend;
1427 int rc;
1428
1429 bh->state = BUF_STATE_EMPTY;
1430 fsg->common->usb_amount_left = nkeep + fsg->common->residue;
1431 while (fsg->common->usb_amount_left > 0) {
1432
1433
1434 while (bh->state != BUF_STATE_EMPTY) {
1435 rc = sleep_thread(fsg->common);
1436 if (rc)
1437 return rc;
1438 }
1439
1440 nsend = min(fsg->common->usb_amount_left, FSG_BUFLEN);
1441 memset(bh->buf + nkeep, 0, nsend - nkeep);
1442 bh->inreq->length = nsend;
1443 bh->inreq->zero = 0;
1444 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1445 &bh->inreq_busy, &bh->state);
1446 bh = fsg->common->next_buffhd_to_fill = bh->next;
1447 fsg->common->usb_amount_left -= nsend;
1448 nkeep = 0;
1449 }
1450 return 0;
1451}
1452
1453static int throw_away_data(struct fsg_common *common)
1454{
1455 struct fsg_buffhd *bh;
1456 u32 amount;
1457 int rc;
1458
1459 for (bh = common->next_buffhd_to_drain;
1460 bh->state != BUF_STATE_EMPTY || common->usb_amount_left > 0;
1461 bh = common->next_buffhd_to_drain) {
1462
1463
1464 if (bh->state == BUF_STATE_FULL) {
1465 bh->state = BUF_STATE_EMPTY;
1466 common->next_buffhd_to_drain = bh->next;
1467
1468
1469 if (bh->outreq->actual != bh->outreq->length ||
1470 bh->outreq->status != 0) {
1471 raise_exception(common,
1472 FSG_STATE_ABORT_BULK_OUT);
1473 return -EINTR;
1474 }
1475 continue;
1476 }
1477
1478
1479 bh = common->next_buffhd_to_fill;
1480 if (bh->state == BUF_STATE_EMPTY
1481 && common->usb_amount_left > 0) {
1482 amount = min(common->usb_amount_left, FSG_BUFLEN);
1483
1484
1485
1486 bh->outreq->length = amount;
1487 bh->bulk_out_intended_length = amount;
1488 bh->outreq->short_not_ok = 1;
1489 START_TRANSFER_OR(common, bulk_out, bh->outreq,
1490 &bh->outreq_busy, &bh->state)
1491
1492
1493 return -EIO;
1494 common->next_buffhd_to_fill = bh->next;
1495 common->usb_amount_left -= amount;
1496 continue;
1497 }
1498
1499
1500 rc = sleep_thread(common);
1501 if (rc)
1502 return rc;
1503 }
1504 return 0;
1505}
1506
1507
1508static int finish_reply(struct fsg_common *common)
1509{
1510 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
1511 int rc = 0;
1512
1513 switch (common->data_dir) {
1514 case DATA_DIR_NONE:
1515 break;
1516
1517
1518
1519
1520
1521 case DATA_DIR_UNKNOWN:
1522 if (!common->can_stall) {
1523
1524 } else if (fsg_is_set(common)) {
1525 fsg_set_halt(common->fsg, common->fsg->bulk_out);
1526 rc = halt_bulk_in_endpoint(common->fsg);
1527 } else {
1528
1529 rc = -EIO;
1530 }
1531 break;
1532
1533
1534 case DATA_DIR_TO_HOST:
1535 if (common->data_size == 0) {
1536
1537
1538
1539 } else if (common->residue == 0) {
1540 bh->inreq->zero = 0;
1541 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1542 &bh->inreq_busy, &bh->state)
1543 return -EIO;
1544 common->next_buffhd_to_fill = bh->next;
1545
1546
1547
1548
1549 } else if (common->can_stall) {
1550 bh->inreq->zero = 1;
1551 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1552 &bh->inreq_busy, &bh->state)
1553
1554
1555 rc = -EIO;
1556 common->next_buffhd_to_fill = bh->next;
1557 if (common->fsg)
1558 rc = halt_bulk_in_endpoint(common->fsg);
1559 } else if (fsg_is_set(common)) {
1560 rc = pad_with_zeros(common->fsg);
1561 } else {
1562
1563 rc = -EIO;
1564 }
1565 break;
1566
1567
1568
1569 case DATA_DIR_FROM_HOST:
1570 if (common->residue == 0) {
1571
1572
1573
1574 } else if (common->short_packet_received) {
1575 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1576 rc = -EINTR;
1577
1578
1579
1580
1581
1582
1583
1584#if 0
1585 } else if (common->can_stall) {
1586 if (fsg_is_set(common))
1587 fsg_set_halt(common->fsg,
1588 common->fsg->bulk_out);
1589 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1590 rc = -EINTR;
1591#endif
1592
1593
1594
1595 } else {
1596 rc = throw_away_data(common);
1597 }
1598 break;
1599 }
1600 return rc;
1601}
1602
1603
1604static int send_status(struct fsg_common *common)
1605{
1606 struct fsg_lun *curlun = &common->luns[common->lun];
1607 struct fsg_buffhd *bh;
1608 struct bulk_cs_wrap *csw;
1609 int rc;
1610 u8 status = USB_STATUS_PASS;
1611 u32 sd, sdinfo = 0;
1612
1613
1614 bh = common->next_buffhd_to_fill;
1615 while (bh->state != BUF_STATE_EMPTY) {
1616 rc = sleep_thread(common);
1617 if (rc)
1618 return rc;
1619 }
1620
1621 if (curlun)
1622 sd = curlun->sense_data;
1623 else if (common->bad_lun_okay)
1624 sd = SS_NO_SENSE;
1625 else
1626 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1627
1628 if (common->phase_error) {
1629 DBG(common, "sending phase-error status\n");
1630 status = USB_STATUS_PHASE_ERROR;
1631 sd = SS_INVALID_COMMAND;
1632 } else if (sd != SS_NO_SENSE) {
1633 DBG(common, "sending command-failure status\n");
1634 status = USB_STATUS_FAIL;
1635 VDBG(common, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
1636 " info x%x\n",
1637 SK(sd), ASC(sd), ASCQ(sd), sdinfo);
1638 }
1639
1640
1641 csw = (void *)bh->buf;
1642
1643 csw->Signature = cpu_to_le32(USB_BULK_CS_SIG);
1644 csw->Tag = common->tag;
1645 csw->Residue = cpu_to_le32(common->residue);
1646 csw->Status = status;
1647
1648 bh->inreq->length = USB_BULK_CS_WRAP_LEN;
1649 bh->inreq->zero = 0;
1650 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1651 &bh->inreq_busy, &bh->state)
1652
1653 return -EIO;
1654
1655 common->next_buffhd_to_fill = bh->next;
1656 return 0;
1657}
1658
1659
1660
1661
1662
1663
1664static int check_command(struct fsg_common *common, int cmnd_size,
1665 enum data_direction data_dir, unsigned int mask,
1666 int needs_medium, const char *name)
1667{
1668 int i;
1669 int lun = common->cmnd[1] >> 5;
1670 static const char dirletter[4] = {'u', 'o', 'i', 'n'};
1671 char hdlen[20];
1672 struct fsg_lun *curlun;
1673
1674 hdlen[0] = 0;
1675 if (common->data_dir != DATA_DIR_UNKNOWN)
1676 sprintf(hdlen, ", H%c=%u", dirletter[(int) common->data_dir],
1677 common->data_size);
1678 VDBG(common, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n",
1679 name, cmnd_size, dirletter[(int) data_dir],
1680 common->data_size_from_cmnd, common->cmnd_size, hdlen);
1681
1682
1683
1684 if (common->data_size_from_cmnd == 0)
1685 data_dir = DATA_DIR_NONE;
1686 if (common->data_size < common->data_size_from_cmnd) {
1687
1688
1689
1690 common->data_size_from_cmnd = common->data_size;
1691 common->phase_error = 1;
1692 }
1693 common->residue = common->data_size;
1694 common->usb_amount_left = common->data_size;
1695
1696
1697 if (common->data_dir != data_dir
1698 && common->data_size_from_cmnd > 0) {
1699 common->phase_error = 1;
1700 return -EINVAL;
1701 }
1702
1703
1704 if (cmnd_size != common->cmnd_size) {
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718 if (cmnd_size <= common->cmnd_size) {
1719 DBG(common, "%s is buggy! Expected length %d "
1720 "but we got %d\n", name,
1721 cmnd_size, common->cmnd_size);
1722 cmnd_size = common->cmnd_size;
1723 } else {
1724 common->phase_error = 1;
1725 return -EINVAL;
1726 }
1727 }
1728
1729
1730 if (common->lun != lun)
1731 DBG(common, "using LUN %d from CBW, not LUN %d from CDB\n",
1732 common->lun, lun);
1733
1734
1735 if (common->lun < common->nluns) {
1736 curlun = &common->luns[common->lun];
1737 if (common->cmnd[0] != SC_REQUEST_SENSE) {
1738 curlun->sense_data = SS_NO_SENSE;
1739 curlun->info_valid = 0;
1740 }
1741 } else {
1742 curlun = NULL;
1743 common->bad_lun_okay = 0;
1744
1745
1746
1747 if (common->cmnd[0] != SC_INQUIRY &&
1748 common->cmnd[0] != SC_REQUEST_SENSE) {
1749 DBG(common, "unsupported LUN %d\n", common->lun);
1750 return -EINVAL;
1751 }
1752 }
1753#if 0
1754
1755
1756 if (curlun && curlun->unit_attention_data != SS_NO_SENSE &&
1757 common->cmnd[0] != SC_INQUIRY &&
1758 common->cmnd[0] != SC_REQUEST_SENSE) {
1759 curlun->sense_data = curlun->unit_attention_data;
1760 curlun->unit_attention_data = SS_NO_SENSE;
1761 return -EINVAL;
1762 }
1763#endif
1764
1765 common->cmnd[1] &= 0x1f;
1766 for (i = 1; i < cmnd_size; ++i) {
1767 if (common->cmnd[i] && !(mask & (1 << i))) {
1768 if (curlun)
1769 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1770 return -EINVAL;
1771 }
1772 }
1773
1774 return 0;
1775}
1776
1777
1778static int do_scsi_command(struct fsg_common *common)
1779{
1780 struct fsg_buffhd *bh;
1781 int rc;
1782 int reply = -EINVAL;
1783 int i;
1784 static char unknown[16];
1785 struct fsg_lun *curlun = &common->luns[common->lun];
1786
1787 dump_cdb(common);
1788
1789
1790 bh = common->next_buffhd_to_fill;
1791 common->next_buffhd_to_drain = bh;
1792 while (bh->state != BUF_STATE_EMPTY) {
1793 rc = sleep_thread(common);
1794 if (rc)
1795 return rc;
1796 }
1797 common->phase_error = 0;
1798 common->short_packet_received = 0;
1799
1800 down_read(&common->filesem);
1801 switch (common->cmnd[0]) {
1802
1803 case SC_INQUIRY:
1804 common->data_size_from_cmnd = common->cmnd[4];
1805 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1806 (1<<4), 0,
1807 "INQUIRY");
1808 if (reply == 0)
1809 reply = do_inquiry(common, bh);
1810 break;
1811
1812 case SC_MODE_SELECT_6:
1813 common->data_size_from_cmnd = common->cmnd[4];
1814 reply = check_command(common, 6, DATA_DIR_FROM_HOST,
1815 (1<<1) | (1<<4), 0,
1816 "MODE SELECT(6)");
1817 if (reply == 0)
1818 reply = do_mode_select(common, bh);
1819 break;
1820
1821 case SC_MODE_SELECT_10:
1822 common->data_size_from_cmnd =
1823 get_unaligned_be16(&common->cmnd[7]);
1824 reply = check_command(common, 10, DATA_DIR_FROM_HOST,
1825 (1<<1) | (3<<7), 0,
1826 "MODE SELECT(10)");
1827 if (reply == 0)
1828 reply = do_mode_select(common, bh);
1829 break;
1830
1831 case SC_MODE_SENSE_6:
1832 common->data_size_from_cmnd = common->cmnd[4];
1833 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1834 (1<<1) | (1<<2) | (1<<4), 0,
1835 "MODE SENSE(6)");
1836 if (reply == 0)
1837 reply = do_mode_sense(common, bh);
1838 break;
1839
1840 case SC_MODE_SENSE_10:
1841 common->data_size_from_cmnd =
1842 get_unaligned_be16(&common->cmnd[7]);
1843 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1844 (1<<1) | (1<<2) | (3<<7), 0,
1845 "MODE SENSE(10)");
1846 if (reply == 0)
1847 reply = do_mode_sense(common, bh);
1848 break;
1849
1850 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1851 common->data_size_from_cmnd = 0;
1852 reply = check_command(common, 6, DATA_DIR_NONE,
1853 (1<<4), 0,
1854 "PREVENT-ALLOW MEDIUM REMOVAL");
1855 if (reply == 0)
1856 reply = do_prevent_allow(common);
1857 break;
1858
1859 case SC_READ_6:
1860 i = common->cmnd[4];
1861 common->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
1862 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1863 (7<<1) | (1<<4), 1,
1864 "READ(6)");
1865 if (reply == 0)
1866 reply = do_read(common);
1867 break;
1868
1869 case SC_READ_10:
1870 common->data_size_from_cmnd =
1871 get_unaligned_be16(&common->cmnd[7]) << 9;
1872 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1873 (1<<1) | (0xf<<2) | (3<<7), 1,
1874 "READ(10)");
1875 if (reply == 0)
1876 reply = do_read(common);
1877 break;
1878
1879 case SC_READ_12:
1880 common->data_size_from_cmnd =
1881 get_unaligned_be32(&common->cmnd[6]) << 9;
1882 reply = check_command(common, 12, DATA_DIR_TO_HOST,
1883 (1<<1) | (0xf<<2) | (0xf<<6), 1,
1884 "READ(12)");
1885 if (reply == 0)
1886 reply = do_read(common);
1887 break;
1888
1889 case SC_READ_CAPACITY:
1890 common->data_size_from_cmnd = 8;
1891 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1892 (0xf<<2) | (1<<8), 1,
1893 "READ CAPACITY");
1894 if (reply == 0)
1895 reply = do_read_capacity(common, bh);
1896 break;
1897
1898 case SC_READ_HEADER:
1899 if (!common->luns[common->lun].cdrom)
1900 goto unknown_cmnd;
1901 common->data_size_from_cmnd =
1902 get_unaligned_be16(&common->cmnd[7]);
1903 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1904 (3<<7) | (0x1f<<1), 1,
1905 "READ HEADER");
1906 if (reply == 0)
1907 reply = do_read_header(common, bh);
1908 break;
1909
1910 case SC_READ_TOC:
1911 if (!common->luns[common->lun].cdrom)
1912 goto unknown_cmnd;
1913 common->data_size_from_cmnd =
1914 get_unaligned_be16(&common->cmnd[7]);
1915 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1916 (7<<6) | (1<<1), 1,
1917 "READ TOC");
1918 if (reply == 0)
1919 reply = do_read_toc(common, bh);
1920 break;
1921
1922 case SC_READ_FORMAT_CAPACITIES:
1923 common->data_size_from_cmnd =
1924 get_unaligned_be16(&common->cmnd[7]);
1925 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1926 (3<<7), 1,
1927 "READ FORMAT CAPACITIES");
1928 if (reply == 0)
1929 reply = do_read_format_capacities(common, bh);
1930 break;
1931
1932 case SC_REQUEST_SENSE:
1933 common->data_size_from_cmnd = common->cmnd[4];
1934 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1935 (1<<4), 0,
1936 "REQUEST SENSE");
1937 if (reply == 0)
1938 reply = do_request_sense(common, bh);
1939 break;
1940
1941 case SC_START_STOP_UNIT:
1942 common->data_size_from_cmnd = 0;
1943 reply = check_command(common, 6, DATA_DIR_NONE,
1944 (1<<1) | (1<<4), 0,
1945 "START-STOP UNIT");
1946 if (reply == 0)
1947 reply = do_start_stop(common);
1948 break;
1949
1950 case SC_SYNCHRONIZE_CACHE:
1951 common->data_size_from_cmnd = 0;
1952 reply = check_command(common, 10, DATA_DIR_NONE,
1953 (0xf<<2) | (3<<7), 1,
1954 "SYNCHRONIZE CACHE");
1955 if (reply == 0)
1956 reply = do_synchronize_cache(common);
1957 break;
1958
1959 case SC_TEST_UNIT_READY:
1960 common->data_size_from_cmnd = 0;
1961 reply = check_command(common, 6, DATA_DIR_NONE,
1962 0, 1,
1963 "TEST UNIT READY");
1964 break;
1965
1966
1967
1968 case SC_VERIFY:
1969 common->data_size_from_cmnd = 0;
1970 reply = check_command(common, 10, DATA_DIR_NONE,
1971 (1<<1) | (0xf<<2) | (3<<7), 1,
1972 "VERIFY");
1973 if (reply == 0)
1974 reply = do_verify(common);
1975 break;
1976
1977 case SC_WRITE_6:
1978 i = common->cmnd[4];
1979 common->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
1980 reply = check_command(common, 6, DATA_DIR_FROM_HOST,
1981 (7<<1) | (1<<4), 1,
1982 "WRITE(6)");
1983 if (reply == 0)
1984 reply = do_write(common);
1985 break;
1986
1987 case SC_WRITE_10:
1988 common->data_size_from_cmnd =
1989 get_unaligned_be16(&common->cmnd[7]) << 9;
1990 reply = check_command(common, 10, DATA_DIR_FROM_HOST,
1991 (1<<1) | (0xf<<2) | (3<<7), 1,
1992 "WRITE(10)");
1993 if (reply == 0)
1994 reply = do_write(common);
1995 break;
1996
1997 case SC_WRITE_12:
1998 common->data_size_from_cmnd =
1999 get_unaligned_be32(&common->cmnd[6]) << 9;
2000 reply = check_command(common, 12, DATA_DIR_FROM_HOST,
2001 (1<<1) | (0xf<<2) | (0xf<<6), 1,
2002 "WRITE(12)");
2003 if (reply == 0)
2004 reply = do_write(common);
2005 break;
2006
2007
2008
2009
2010
2011 case SC_FORMAT_UNIT:
2012 case SC_RELEASE:
2013 case SC_RESERVE:
2014 case SC_SEND_DIAGNOSTIC:
2015
2016
2017 default:
2018unknown_cmnd:
2019 common->data_size_from_cmnd = 0;
2020 sprintf(unknown, "Unknown x%02x", common->cmnd[0]);
2021 reply = check_command(common, common->cmnd_size,
2022 DATA_DIR_UNKNOWN, 0xff, 0, unknown);
2023 if (reply == 0) {
2024 curlun->sense_data = SS_INVALID_COMMAND;
2025 reply = -EINVAL;
2026 }
2027 break;
2028 }
2029 up_read(&common->filesem);
2030
2031 if (reply == -EINTR)
2032 return -EINTR;
2033
2034
2035 if (reply == -EINVAL)
2036 reply = 0;
2037 if (reply >= 0 && common->data_dir == DATA_DIR_TO_HOST) {
2038 reply = min((u32) reply, common->data_size_from_cmnd);
2039 bh->inreq->length = reply;
2040 bh->state = BUF_STATE_FULL;
2041 common->residue -= reply;
2042 }
2043
2044 return 0;
2045}
2046
2047
2048
2049static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2050{
2051 struct usb_request *req = bh->outreq;
2052 struct fsg_bulk_cb_wrap *cbw = req->buf;
2053 struct fsg_common *common = fsg->common;
2054
2055
2056 if (req->status || test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags))
2057 return -EINVAL;
2058
2059
2060 if (req->actual != USB_BULK_CB_WRAP_LEN ||
2061 cbw->Signature != cpu_to_le32(
2062 USB_BULK_CB_SIG)) {
2063 DBG(fsg, "invalid CBW: len %u sig 0x%x\n",
2064 req->actual,
2065 le32_to_cpu(cbw->Signature));
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076 wedge_bulk_in_endpoint(fsg);
2077 generic_set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2078 return -EINVAL;
2079 }
2080
2081
2082 if (cbw->Lun >= FSG_MAX_LUNS || cbw->Flags & ~USB_BULK_IN_FLAG ||
2083 cbw->Length <= 0 || cbw->Length > MAX_COMMAND_SIZE) {
2084 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, "
2085 "cmdlen %u\n",
2086 cbw->Lun, cbw->Flags, cbw->Length);
2087
2088
2089
2090 if (common->can_stall) {
2091 fsg_set_halt(fsg, fsg->bulk_out);
2092 halt_bulk_in_endpoint(fsg);
2093 }
2094 return -EINVAL;
2095 }
2096
2097
2098 common->cmnd_size = cbw->Length;
2099 memcpy(common->cmnd, cbw->CDB, common->cmnd_size);
2100 if (cbw->Flags & USB_BULK_IN_FLAG)
2101 common->data_dir = DATA_DIR_TO_HOST;
2102 else
2103 common->data_dir = DATA_DIR_FROM_HOST;
2104 common->data_size = le32_to_cpu(cbw->DataTransferLength);
2105 if (common->data_size == 0)
2106 common->data_dir = DATA_DIR_NONE;
2107 common->lun = cbw->Lun;
2108 common->tag = cbw->Tag;
2109 return 0;
2110}
2111
2112
2113static int get_next_command(struct fsg_common *common)
2114{
2115 struct fsg_buffhd *bh;
2116 int rc = 0;
2117
2118
2119 bh = common->next_buffhd_to_fill;
2120 while (bh->state != BUF_STATE_EMPTY) {
2121 rc = sleep_thread(common);
2122 if (rc)
2123 return rc;
2124 }
2125
2126
2127 set_bulk_out_req_length(common, bh, USB_BULK_CB_WRAP_LEN);
2128 bh->outreq->short_not_ok = 1;
2129 START_TRANSFER_OR(common, bulk_out, bh->outreq,
2130 &bh->outreq_busy, &bh->state)
2131
2132 return -EIO;
2133
2134
2135
2136
2137
2138
2139 while (bh->state != BUF_STATE_FULL) {
2140 rc = sleep_thread(common);
2141 if (rc)
2142 return rc;
2143 }
2144
2145 rc = fsg_is_set(common) ? received_cbw(common->fsg, bh) : -EIO;
2146 bh->state = BUF_STATE_EMPTY;
2147
2148 return rc;
2149}
2150
2151
2152
2153
2154static int enable_endpoint(struct fsg_common *common, struct usb_ep *ep,
2155 const struct usb_endpoint_descriptor *d)
2156{
2157 int rc;
2158
2159 ep->driver_data = common;
2160 rc = usb_ep_enable(ep, d);
2161 if (rc)
2162 ERROR(common, "can't enable %s, result %d\n", ep->name, rc);
2163 return rc;
2164}
2165
2166static int alloc_request(struct fsg_common *common, struct usb_ep *ep,
2167 struct usb_request **preq)
2168{
2169 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC);
2170 if (*preq)
2171 return 0;
2172 ERROR(common, "can't allocate request for %s\n", ep->name);
2173 return -ENOMEM;
2174}
2175
2176
2177static int do_set_interface(struct fsg_common *common, struct fsg_dev *new_fsg)
2178{
2179 const struct usb_endpoint_descriptor *d;
2180 struct fsg_dev *fsg;
2181 int i, rc = 0;
2182
2183 if (common->running)
2184 DBG(common, "reset interface\n");
2185
2186reset:
2187
2188 if (common->fsg) {
2189 fsg = common->fsg;
2190
2191 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2192 struct fsg_buffhd *bh = &common->buffhds[i];
2193
2194 if (bh->inreq) {
2195 usb_ep_free_request(fsg->bulk_in, bh->inreq);
2196 bh->inreq = NULL;
2197 }
2198 if (bh->outreq) {
2199 usb_ep_free_request(fsg->bulk_out, bh->outreq);
2200 bh->outreq = NULL;
2201 }
2202 }
2203
2204
2205 if (fsg->bulk_in_enabled) {
2206 usb_ep_disable(fsg->bulk_in);
2207 fsg->bulk_in_enabled = 0;
2208 }
2209 if (fsg->bulk_out_enabled) {
2210 usb_ep_disable(fsg->bulk_out);
2211 fsg->bulk_out_enabled = 0;
2212 }
2213
2214 common->fsg = NULL;
2215
2216 }
2217
2218 common->running = 0;
2219 if (!new_fsg || rc)
2220 return rc;
2221
2222 common->fsg = new_fsg;
2223 fsg = common->fsg;
2224
2225
2226 d = fsg_ep_desc(common->gadget,
2227 &fsg_fs_bulk_in_desc, &fsg_hs_bulk_in_desc);
2228 rc = enable_endpoint(common, fsg->bulk_in, d);
2229 if (rc)
2230 goto reset;
2231 fsg->bulk_in_enabled = 1;
2232
2233 d = fsg_ep_desc(common->gadget,
2234 &fsg_fs_bulk_out_desc, &fsg_hs_bulk_out_desc);
2235 rc = enable_endpoint(common, fsg->bulk_out, d);
2236 if (rc)
2237 goto reset;
2238 fsg->bulk_out_enabled = 1;
2239 common->bulk_out_maxpacket =
2240 le16_to_cpu(get_unaligned(&d->wMaxPacketSize));
2241 generic_clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2242
2243
2244 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2245 struct fsg_buffhd *bh = &common->buffhds[i];
2246
2247 rc = alloc_request(common, fsg->bulk_in, &bh->inreq);
2248 if (rc)
2249 goto reset;
2250 rc = alloc_request(common, fsg->bulk_out, &bh->outreq);
2251 if (rc)
2252 goto reset;
2253 bh->inreq->buf = bh->outreq->buf = bh->buf;
2254 bh->inreq->context = bh->outreq->context = bh;
2255 bh->inreq->complete = bulk_in_complete;
2256 bh->outreq->complete = bulk_out_complete;
2257 }
2258
2259 common->running = 1;
2260
2261 return rc;
2262}
2263
2264
2265
2266
2267
2268static int fsg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
2269{
2270 struct fsg_dev *fsg = fsg_from_func(f);
2271 fsg->common->new_fsg = fsg;
2272 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2273 return 0;
2274}
2275
2276static void fsg_disable(struct usb_function *f)
2277{
2278 struct fsg_dev *fsg = fsg_from_func(f);
2279 fsg->common->new_fsg = NULL;
2280 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2281}
2282
2283
2284
2285static void handle_exception(struct fsg_common *common)
2286{
2287 int i;
2288 struct fsg_buffhd *bh;
2289 enum fsg_state old_state;
2290 struct fsg_lun *curlun;
2291 unsigned int exception_req_tag;
2292
2293
2294 if (common->fsg) {
2295 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2296 bh = &common->buffhds[i];
2297 if (bh->inreq_busy)
2298 usb_ep_dequeue(common->fsg->bulk_in, bh->inreq);
2299 if (bh->outreq_busy)
2300 usb_ep_dequeue(common->fsg->bulk_out,
2301 bh->outreq);
2302 }
2303
2304
2305 for (;;) {
2306 int num_active = 0;
2307 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2308 bh = &common->buffhds[i];
2309 num_active += bh->inreq_busy + bh->outreq_busy;
2310 }
2311 if (num_active == 0)
2312 break;
2313 if (sleep_thread(common))
2314 return;
2315 }
2316
2317
2318 if (common->fsg->bulk_in_enabled)
2319 usb_ep_fifo_flush(common->fsg->bulk_in);
2320 if (common->fsg->bulk_out_enabled)
2321 usb_ep_fifo_flush(common->fsg->bulk_out);
2322 }
2323
2324
2325
2326
2327 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2328 bh = &common->buffhds[i];
2329 bh->state = BUF_STATE_EMPTY;
2330 }
2331 common->next_buffhd_to_fill = &common->buffhds[0];
2332 common->next_buffhd_to_drain = &common->buffhds[0];
2333 exception_req_tag = common->exception_req_tag;
2334 old_state = common->state;
2335
2336 if (old_state == FSG_STATE_ABORT_BULK_OUT)
2337 common->state = FSG_STATE_STATUS_PHASE;
2338 else {
2339 for (i = 0; i < common->nluns; ++i) {
2340 curlun = &common->luns[i];
2341 curlun->sense_data = SS_NO_SENSE;
2342 curlun->info_valid = 0;
2343 }
2344 common->state = FSG_STATE_IDLE;
2345 }
2346
2347
2348 switch (old_state) {
2349 case FSG_STATE_ABORT_BULK_OUT:
2350 send_status(common);
2351
2352 if (common->state == FSG_STATE_STATUS_PHASE)
2353 common->state = FSG_STATE_IDLE;
2354 break;
2355
2356 case FSG_STATE_RESET:
2357
2358
2359
2360 if (!fsg_is_set(common))
2361 break;
2362 if (test_and_clear_bit(IGNORE_BULK_OUT,
2363 &common->fsg->atomic_bitflags))
2364 usb_ep_clear_halt(common->fsg->bulk_in);
2365
2366 if (common->ep0_req_tag == exception_req_tag)
2367 ep0_queue(common);
2368
2369 break;
2370
2371 case FSG_STATE_CONFIG_CHANGE:
2372 do_set_interface(common, common->new_fsg);
2373 break;
2374
2375 case FSG_STATE_EXIT:
2376 case FSG_STATE_TERMINATED:
2377 do_set_interface(common, NULL);
2378 common->state = FSG_STATE_TERMINATED;
2379 break;
2380
2381 case FSG_STATE_INTERFACE_CHANGE:
2382 case FSG_STATE_DISCONNECT:
2383 case FSG_STATE_COMMAND_PHASE:
2384 case FSG_STATE_DATA_PHASE:
2385 case FSG_STATE_STATUS_PHASE:
2386 case FSG_STATE_IDLE:
2387 break;
2388 }
2389}
2390
2391
2392
2393int fsg_main_thread(void *common_)
2394{
2395 int ret;
2396 struct fsg_common *common = the_fsg_common;
2397
2398 do {
2399 if (exception_in_progress(common)) {
2400 handle_exception(common);
2401 continue;
2402 }
2403
2404 if (!common->running) {
2405 ret = sleep_thread(common);
2406 if (ret)
2407 return ret;
2408
2409 continue;
2410 }
2411
2412 ret = get_next_command(common);
2413 if (ret)
2414 return ret;
2415
2416 if (!exception_in_progress(common))
2417 common->state = FSG_STATE_DATA_PHASE;
2418
2419 if (do_scsi_command(common) || finish_reply(common))
2420 continue;
2421
2422 if (!exception_in_progress(common))
2423 common->state = FSG_STATE_STATUS_PHASE;
2424
2425 if (send_status(common))
2426 continue;
2427
2428 if (!exception_in_progress(common))
2429 common->state = FSG_STATE_IDLE;
2430 } while (0);
2431
2432 common->thread_task = NULL;
2433
2434 return 0;
2435}
2436
2437static void fsg_common_release(struct kref *ref);
2438
2439static struct fsg_common *fsg_common_init(struct fsg_common *common,
2440 struct usb_composite_dev *cdev)
2441{
2442 struct usb_gadget *gadget = cdev->gadget;
2443 struct fsg_buffhd *bh;
2444 struct fsg_lun *curlun;
2445 int nluns, i, rc;
2446
2447
2448 nluns = ums_count;
2449 if (nluns < 1 || nluns > FSG_MAX_LUNS) {
2450 printf("invalid number of LUNs: %u\n", nluns);
2451 return ERR_PTR(-EINVAL);
2452 }
2453
2454
2455 if (!common) {
2456 common = calloc(sizeof(*common), 1);
2457 if (!common)
2458 return ERR_PTR(-ENOMEM);
2459 common->free_storage_on_release = 1;
2460 } else {
2461 memset(common, 0, sizeof(*common));
2462 common->free_storage_on_release = 0;
2463 }
2464
2465 common->ops = NULL;
2466 common->private_data = NULL;
2467
2468 common->gadget = gadget;
2469 common->ep0 = gadget->ep0;
2470 common->ep0req = cdev->req;
2471
2472
2473 if (fsg_strings[FSG_STRING_INTERFACE].id == 0) {
2474 rc = usb_string_id(cdev);
2475 if (unlikely(rc < 0))
2476 goto error_release;
2477 fsg_strings[FSG_STRING_INTERFACE].id = rc;
2478 fsg_intf_desc.iInterface = rc;
2479 }
2480
2481
2482
2483 curlun = calloc(nluns, sizeof *curlun);
2484 if (!curlun) {
2485 rc = -ENOMEM;
2486 goto error_release;
2487 }
2488 common->nluns = nluns;
2489
2490 for (i = 0; i < nluns; i++) {
2491 common->luns[i].removable = 1;
2492
2493 rc = fsg_lun_open(&common->luns[i], ums[i].num_sectors, "");
2494 if (rc)
2495 goto error_luns;
2496 }
2497 common->lun = 0;
2498
2499
2500 bh = common->buffhds;
2501
2502 i = FSG_NUM_BUFFERS;
2503 goto buffhds_first_it;
2504 do {
2505 bh->next = bh + 1;
2506 ++bh;
2507buffhds_first_it:
2508 bh->inreq_busy = 0;
2509 bh->outreq_busy = 0;
2510 bh->buf = memalign(CONFIG_SYS_CACHELINE_SIZE, FSG_BUFLEN);
2511 if (unlikely(!bh->buf)) {
2512 rc = -ENOMEM;
2513 goto error_release;
2514 }
2515 } while (--i);
2516 bh->next = common->buffhds;
2517
2518 snprintf(common->inquiry_string, sizeof common->inquiry_string,
2519 "%-8s%-16s%04x",
2520 "Linux ",
2521 "File-Store Gadget",
2522 0xffff);
2523
2524
2525
2526
2527
2528
2529
2530 common->thread_task =
2531 kthread_create(fsg_main_thread, common,
2532 OR(cfg->thread_name, "file-storage"));
2533 if (IS_ERR(common->thread_task)) {
2534 rc = PTR_ERR(common->thread_task);
2535 goto error_release;
2536 }
2537
2538#undef OR
2539
2540 INFO(common, FSG_DRIVER_DESC ", version: " FSG_DRIVER_VERSION "\n");
2541 INFO(common, "Number of LUNs=%d\n", common->nluns);
2542
2543 return common;
2544
2545error_luns:
2546 common->nluns = i + 1;
2547error_release:
2548 common->state = FSG_STATE_TERMINATED;
2549
2550
2551 fsg_common_release(&common->ref);
2552 return ERR_PTR(rc);
2553}
2554
2555static void fsg_common_release(struct kref *ref)
2556{
2557 struct fsg_common *common = container_of(ref, struct fsg_common, ref);
2558
2559
2560 if (common->state != FSG_STATE_TERMINATED) {
2561 raise_exception(common, FSG_STATE_EXIT);
2562 wait_for_completion(&common->thread_notifier);
2563 }
2564
2565 if (likely(common->luns)) {
2566 struct fsg_lun *lun = common->luns;
2567 unsigned i = common->nluns;
2568
2569
2570 for (; i; --i, ++lun)
2571 fsg_lun_close(lun);
2572
2573 kfree(common->luns);
2574 }
2575
2576 {
2577 struct fsg_buffhd *bh = common->buffhds;
2578 unsigned i = FSG_NUM_BUFFERS;
2579 do {
2580 kfree(bh->buf);
2581 } while (++bh, --i);
2582 }
2583
2584 if (common->free_storage_on_release)
2585 kfree(common);
2586}
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603struct usb_descriptor_header **
2604usb_copy_descriptors(struct usb_descriptor_header **src)
2605{
2606 struct usb_descriptor_header **tmp;
2607 unsigned bytes;
2608 unsigned n_desc;
2609 void *mem;
2610 struct usb_descriptor_header **ret;
2611
2612
2613 for (bytes = 0, n_desc = 0, tmp = src; *tmp; tmp++, n_desc++)
2614 bytes += (*tmp)->bLength;
2615 bytes += (n_desc + 1) * sizeof(*tmp);
2616
2617 mem = memalign(CONFIG_SYS_CACHELINE_SIZE, bytes);
2618 if (!mem)
2619 return NULL;
2620
2621
2622
2623
2624
2625 tmp = mem;
2626 ret = mem;
2627 mem += (n_desc + 1) * sizeof(*tmp);
2628 while (*src) {
2629 memcpy(mem, *src, (*src)->bLength);
2630 *tmp = mem;
2631 tmp++;
2632 mem += (*src)->bLength;
2633 src++;
2634 }
2635 *tmp = NULL;
2636
2637 return ret;
2638}
2639
2640static void fsg_unbind(struct usb_configuration *c, struct usb_function *f)
2641{
2642 struct fsg_dev *fsg = fsg_from_func(f);
2643
2644 DBG(fsg, "unbind\n");
2645 if (fsg->common->fsg == fsg) {
2646 fsg->common->new_fsg = NULL;
2647 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2648 }
2649
2650 free(fsg->function.descriptors);
2651 free(fsg->function.hs_descriptors);
2652 kfree(fsg);
2653}
2654
2655static int fsg_bind(struct usb_configuration *c, struct usb_function *f)
2656{
2657 struct fsg_dev *fsg = fsg_from_func(f);
2658 struct usb_gadget *gadget = c->cdev->gadget;
2659 int i;
2660 struct usb_ep *ep;
2661 fsg->gadget = gadget;
2662
2663
2664 i = usb_interface_id(c, f);
2665 if (i < 0)
2666 return i;
2667 fsg_intf_desc.bInterfaceNumber = i;
2668 fsg->interface_number = i;
2669
2670
2671 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc);
2672 if (!ep)
2673 goto autoconf_fail;
2674 ep->driver_data = fsg->common;
2675 fsg->bulk_in = ep;
2676
2677 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc);
2678 if (!ep)
2679 goto autoconf_fail;
2680 ep->driver_data = fsg->common;
2681 fsg->bulk_out = ep;
2682
2683
2684 f->descriptors = usb_copy_descriptors(fsg_fs_function);
2685 if (unlikely(!f->descriptors))
2686 return -ENOMEM;
2687
2688 if (gadget_is_dualspeed(gadget)) {
2689
2690 fsg_hs_bulk_in_desc.bEndpointAddress =
2691 fsg_fs_bulk_in_desc.bEndpointAddress;
2692 fsg_hs_bulk_out_desc.bEndpointAddress =
2693 fsg_fs_bulk_out_desc.bEndpointAddress;
2694 f->hs_descriptors = usb_copy_descriptors(fsg_hs_function);
2695 if (unlikely(!f->hs_descriptors)) {
2696 free(f->descriptors);
2697 return -ENOMEM;
2698 }
2699 }
2700 return 0;
2701
2702autoconf_fail:
2703 ERROR(fsg, "unable to autoconfigure all endpoints\n");
2704 return -ENOTSUPP;
2705}
2706
2707
2708
2709
2710static struct usb_gadget_strings *fsg_strings_array[] = {
2711 &fsg_stringtab,
2712 NULL,
2713};
2714
2715static int fsg_bind_config(struct usb_composite_dev *cdev,
2716 struct usb_configuration *c,
2717 struct fsg_common *common)
2718{
2719 struct fsg_dev *fsg;
2720 int rc;
2721
2722 fsg = calloc(1, sizeof *fsg);
2723 if (!fsg)
2724 return -ENOMEM;
2725 fsg->function.name = FSG_DRIVER_DESC;
2726 fsg->function.strings = fsg_strings_array;
2727 fsg->function.bind = fsg_bind;
2728 fsg->function.unbind = fsg_unbind;
2729 fsg->function.setup = fsg_setup;
2730 fsg->function.set_alt = fsg_set_alt;
2731 fsg->function.disable = fsg_disable;
2732
2733 fsg->common = common;
2734 common->fsg = fsg;
2735
2736
2737
2738
2739
2740
2741 rc = usb_add_function(c, &fsg->function);
2742
2743 if (rc)
2744 kfree(fsg);
2745
2746 return rc;
2747}
2748
2749int fsg_add(struct usb_configuration *c)
2750{
2751 struct fsg_common *fsg_common;
2752
2753 fsg_common = fsg_common_init(NULL, c->cdev);
2754
2755 fsg_common->vendor_name = 0;
2756 fsg_common->product_name = 0;
2757 fsg_common->release = 0xffff;
2758
2759 fsg_common->ops = NULL;
2760 fsg_common->private_data = NULL;
2761
2762 the_fsg_common = fsg_common;
2763
2764 return fsg_bind_config(c->cdev, c, fsg_common);
2765}
2766
2767int fsg_init(struct ums *ums_devs, int count, unsigned int controller_idx)
2768{
2769 ums = ums_devs;
2770 ums_count = count;
2771 controller_index = controller_idx;
2772
2773 return 0;
2774}
2775
2776DECLARE_GADGET_BIND_CALLBACK(usb_dnl_ums, fsg_add);
2777
